Live Up to Privacy Shield or Face Suits, FTC Blog Advises Self-Certifiers
If an American company self-certifies with the EU-U.S. Privacy Shield, ​it can be sued for not living up to the principles established under the trans-Atlantic data transfer program, said the FTC in a blog post giving advice about compliance. The…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
commission will pursue enforcement actions for misleading consumers about the participation in the framework or other international certification programs like it did under the old safe harbor agreement, wrote Guilherme Roschke, counsel-International Consumer Protection, and Hugh Stevenson, deputy director, Office of International Affairs. They said Thursday that companies should be careful about adopting a template or industry sample to create a privacy policy and make sure all of the framework's requirements are covered. "You're making promises you need to keep," they wrote, adding firms constantly must reassess their practices, review their privacy policies and check that their certifications don't lapse. "The FTC has sued companies that failed to maintain their annual certification, but still claimed to participate," they added. The Department of Commerce said Wednesday the Swiss-U.S. Privacy Shield framework started to accept applications (see 1704130005).